HPE Community
Operating System - OpenVMS
1752806 Members
5821 Online
108789 Solutions
New Discussion юеВ

Re: how to find the users who have high privilege

 
SOLVED
Go to solution
Davor_7
Regular Advisor

тАО09-15-2005 08:18 PM

тАО09-15-2005 08:18 PM

Re: how to find the users who have high privilege

hehe~ that's too complex for a new kisser...

thank you all the same. :)
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО09-15-2005 09:12 PM

тАО09-15-2005 09:12 PM

Re: how to find the users who have high privilege

Carl, parhaps you can submit your modified version to the fileserv archive and new/updated freeware is always wanted for the VMS freeware CDs.

I sometimes use
http://vms.process.com/scripts/fileserv/fileserv.com?uaf
for this sort of thing

$ UAF :== $dev:[dir]UAF.EXE
$ UAF/SELECT=(PRIV=CLASS=ALL,DEFPRIV=CLASS=ALL) /DISPLAY=(USERNAME,PRIV,DEFPRIV)

will list all the users with privs in the All class. For information on privilege classes see the Security Manual.

To list all users with OPER
UAF/SELECT=(PRIV=OPER,DEFPRIV=OPER) /DISPLAY=(USERNAME)
____________________
Purely Personal Opinion
Reply
comarow
Trusted Contributor

тАО09-18-2005 07:32 AM

тАО09-18-2005 07:32 AM

Re: how to find the users who have high privilege

There is an excellent third party tool called Point Secure which will provide this information as well as check file protections and all sorts of security related information. We recommend it's use at Colorado Springs for security sensative sites. It runs on the PC and reads your VMS systems.

Bob C
0 Kudos
Reply
Davor_7
Regular Advisor

тАО09-18-2005 12:11 PM

тАО09-18-2005 12:11 PM

Re: how to find the users who have high privilege

Hi Bob
you mean that this tool can be run on Windows and read data from VMS??
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО09-18-2005 12:29 PM

тАО09-18-2005 12:29 PM

Re: how to find the users who have high privilege



Those tools are good.

If you have (g)awk or perl installed you can do something like:

$mcr authorize list/full
$ gawk "/^User/{u=$2} / Priv/{p=$1} / OPER /{print u,p}" sysuaf.lis

or

$ perl -ne "($a,$b)=split; $u=$b if /^Use/; $p=$a if /\sPriv/; print ""$u $p\n"" if /\sOPER/" sysuaf.lis

Or with a DCL loop workign directly on the source (SYSUAF.DAT) exploiting the following info:

$ pipe libr/ext=$uafdef/out=sys$output sys$library:lib.mlb | searc sys$pipe q_priv
$EQU UAF$Q_PRIV 412
$ pipe libr/ext=$prvdef/out=sys$output sys$library:starlet.mlb | search sys$pipe v_oper
$EQU PRV$V_OPER 18

---- uaf_oper.com ---

$open /read /share uaf 'f$parse("SYSUAF","SYS$SYSTEM:.DAT",,,"SYNTAX_ONLY")
$loop:
$ read/end=done uaf rec
$ if f$cvsi(412*8+18,1,rec) then write sys$output f$extr(0,12,rec)
$ goto loop
$done:
$close uaf


fwiw,
Hein.
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО09-18-2005 08:49 PM

тАО09-18-2005 08:49 PM

Re: how to find the users who have high privilege

This .com does it. Just cut and paste it into test.com and execute it with @.

But there are other ways to get OPER. SETPRV for example.

Wim
Wim
0 Kudos
Reply
Robert_Boyd
Respected Contributor

тАО09-19-2005 02:48 AM

тАО09-19-2005 02:48 AM

Re: how to find the users who have high privilege

On post V7 systems you can do this:

$ pipe mcr authorize show */brief | search sys$input: all,system,oper /output=privileged_users.lis

Robert

Master you were right about 1 thing -- the negotiations were SHORT!
0 Kudos
Reply
Jan van den Ende
Honored Contributor

тАО09-19-2005 04:13 AM

тАО09-19-2005 04:13 AM

Re: how to find the users who have high privilege

Hein,

care to elaborate on your EQU command?
AFAIK it is not standard DCL....


Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Uwe Zessin
Honored Contributor

тАО09-19-2005 06:08 AM

тАО09-19-2005 06:08 AM

Re: how to find the users who have high privilege

Jan,

>$EQU UAF$Q_PRIV 412

That is not a DCL command ;-)

It's one line in module ($uafdef) in Macro library (sys$library:lib.mlb) extracted by this command:

$ pipe libr/ext=$uafdef/out=sys$output sys$library:lib.mlb | searc sys$pipe q_priv
.
0 Kudos
Reply
comarow
Trusted Contributor

тАО09-21-2005 08:26 PM

тАО09-21-2005 08:26 PM

Re: how to find the users who have high privilege

Sep 19, 2005 00:11:53 GMT N/A: Question Author

--------------------------------------------------------------------------------
Hi Bob
you mean that this tool can be run on Windows and read data from VMS??



/Exeactly. It is a super monitor and alerts in red problems and can fix many conditions. For example it can fix quorum idssues. It warns if memory tight situations and many problems. Because it has power, it must be on the same lan on the system.

We are set up to do the anaylsis for you for a reasonable fee as well.

It also checks file protections and all sorts of goodies. It has a companion software, System Detective that sets up rules on your VMS system.

send mail to robert.comarow@hp.com for more specifics.

I'm impressed.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.